diff --git a/action_secrets.tf b/action_secrets.tf
index b96586f..efe3ad5 100644
--- a/action_secrets.tf
+++ b/action_secrets.tf
@@ -2,22 +2,17 @@ locals {
   repo_exists = var.create_repo ? github_repository.repo[0] : data.github_repository.existing[0]
 }
 
-# data "github_actions_public_key" "repo_key" {
-#   repository = local.github_repo.name
-#   count = local.repo_exists != null ? 1 : 0
-# }
-
 resource "github_actions_secret" "secret" {
   for_each = tomap({ for secret in var.secrets : secret.name => secret.value })
-  repository = local.github_repo.name
+  repository = local.repo_exists.name
   secret_name = each.key
-  encrypted_value = base64encode(each.value)
+  plaintext_value = each.value
   depends_on = [local.repo_exists]
 }
 
 resource "github_actions_variable" "variable" {
   for_each = tomap({ for _var in var.vars : _var.name => _var.value })
-  repository = local.github_repo.name
+  repository = local.repo_exists.name
   variable_name = each.key
   value = each.value
   depends_on = [local.repo_exists]
diff --git a/branch_protection.tf b/branch_protection.tf
new file mode 100644
index 0000000..722ff8c
--- /dev/null
+++ b/branch_protection.tf
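Review bot: With `plaintext_value = each.value` the secret values are now persisted unencrypted in the Terraform state, so anyone who can read the state backend can read every Actions secret; the provider encrypts the value before sending it to GitHub, but that does not protect the state, and the declaration of `var.secrets` is outside this diff. If `var.secrets` is (or later becomes) `sensitive = true`, Terraform will also reject the `for_each` map built from it, because a value derived from a sensitive input cannot drive `for_each`. One way to cover both is to iterate names only and look the value up per key: `for_each = nonsensitive(toset([for secret in var.secrets : secret.name]))` and `plaintext_value = { for secret in var.secrets : secret.name => secret.value }[each.key]`. A comment on the resource would help the next maintainer, e.g. `# plaintext_value is encrypted by the provider before it reaches GitHub, but it is stored in state; keep the state backend access-controlled and encrypted at rest`.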
@@ -0,0 +1,51 @@
+locals {
+  branch_protection_rules = {
+    main = {
+      pattern = var.github_default_branch
+      enforce_admins = var.github_enforce_admins_branch_protection
+      allows_deletions = false
+      require_signed_commits = true
+      required_linear_history = true
+      required_status_checks = var.required_status_checks
+      required_pull_request_reviews = {
+        dismiss_stale_reviews = var.github_dismiss_stale_reviews
+        require_code_owner_reviews = var.github_require_code_owner_reviews
+        required_approving_review_count = var.github_required_approving_review_count
+        pull_request_bypassers = var.pull_request_bypassers
+      }
+    }
+  }
+}
+
+resource "github_branch_protection" "protection" {
+  for_each = local.branch_protection_rules
+
+  repository_id = local.repo_exists.node_id
+  pattern = each.value.pattern
+  enforce_admins = each.value.enforce_admins
+  allows_deletions = try(each.value.allows_deletions, false)
+  allows_force_pushes = try(each.value.allows_force_pushes, false)
+  require_signed_commits = try(each.value.require_signed_commits, false)
+  required_linear_history = try(each.value.required_linear_history, false)
+
+  dynamic "required_status_checks" {
+    for_each = each.value.required_status_checks != null ? [each.value.required_status_checks] : []
+    content {
+      strict = try(required_status_checks.value.strict, true)
+      contexts = required_status_checks.value.contexts
+    }
+  }
+
+  dynamic "required_pull_request_reviews" {
+    for_each = each.value.required_pull_request_reviews != null ? [each.value.required_pull_request_reviews] : []
+    content {
+      dismiss_stale_reviews = try(required_pull_request_reviews.value.dismiss_stale_reviews, true)
+      restrict_dismissals = try(required_pull_request_reviews.value.restrict_dismissals, false)
+      require_code_owner_reviews = try(required_pull_request_reviews.value.require_code_owner_reviews, true)
+      required_approving_review_count = try(required_pull_request_reviews.value.required_approving_review_count, 1)
+      pull_request_bypassers = try(required_pull_request_reviews.value.pull_request_bypassers, [])
+    }
+  }
+
+  depends_on = [local.repo_exists]
+}
\ No newline at end of file
diff --git a/data.tf b/data.tf
index 02ee089..50c7664 100644
--- a/data.tf
+++ b/data.tf
@@ -1,3 +1,9 @@
 locals {
   codeowners = length(var.additional_codeowners) > 0 ? flatten(["${var.repo_org}/${var.github_codeowners_team}", formatlist("${var.repo_org}/%s", var.additional_codeowners)]) : ["${var.repo_org}/${var.github_codeowners_team}"]
 }
+
+data "github_repository" "existing" {
+  count = var.create_repo ? 0 : 1
+  name = var.name
+  full_name = var.repo_org != null ? "${var.repo_org}/${var.name}" : var.name
+}
diff --git a/github_repo.tf b/github_repo.tf
index d0144b1..514adff 100644
--- a/github_repo.tf
+++ b/github_repo.tf
@@ -91,8 +91,3 @@ resource "github_repository" "repo" {
     ]
   }
 }
-
-data "github_repository" "existing" {
-  count = var.create_repo ? 0 : 1
-  name = var.name
-}
diff --git a/terraform-github-repo.code-workspace b/terraform-github-repo.code-workspace
new file mode 100644
index 0000000..152a815
--- /dev/null
+++ b/terraform-github-repo.code-workspace
@@ -0,0 +1,18 @@
+{
+  "folders": [
+    {
+      "path": "."
+    },
+    {
+      "path": "../providers/terraform-provider-github/website/docs/r",
+      "name": "provider/github/resources"
+    },
+    {
+      "path": "../providers/terraform-provider-github/website/docs/d",
+      "name": "provider/github/data-sources"
+    },
+    {
+      "path": "../docs/terraform/website/docs/language"
+    },
+  ]
+}
\ No newline at end of file
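Review bot: `contexts = required_status_checks.value.contexts` is the only attribute inside the two `dynamic` blocks that is not wrapped in `try(...)`, so a `required_status_checks` object without a `contexts` key fails at plan time instead of falling back like its neighbours; either wrap it (`contexts = try(required_status_checks.value.contexts, [])`) or state in a comment that the key is mandatory. In `local.branch_protection_rules` the `main` entry hard-codes `allows_deletions = false`, `require_signed_commits = true` and `required_linear_history = true`, while the resource reads them through `try(..., false)`, so those fallbacks only matter for rules added to the map later — a comment on the map saying so would prevent someone "fixing" the apparent mismatch. `enforce_admins` and `pull_request_bypassers` are the two inputs that let changes reach the branch without the configured reviews, so a note on those lines such as `# both weaken the rule if left permissive; review the variable defaults` would help whoever sets the variables. The `depends_on = [local.repo_exists]` is redundant with `repository_id = local.repo_exists.node_id`, which already establishes the ordering. Depending on the pinned provider version, `contexts` may be deprecated in favour of `checks`; worth confirming against the provider docs.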
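Review bot: The new `full_name` expression guards `var.repo_org` against null, but the `codeowners` local two lines above interpolates `var.repo_org` unconditionally, and Terraform refuses to put a null value into a string template — so either `repo_org` can never be null and the conditional branch is dead, or it can and `codeowners` fails first. When it is null this also sets `full_name = var.name`, which is not an `owner/name` value, so whether the provider accepts that alongside `name` should be checked against the pinned provider version. A one-line comment stating which of `name` / `full_name` the lookup is expected to resolve by would save the next reader the same question.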
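Review bot: The workspace file references three directories outside this repository (`../providers/...`, `../docs/...`), so it only works for one local checkout layout and is the kind of editor state usually kept out of version control. The trailing comma after the last folder entry is accepted by VS Code's JSONC parser but not by strict JSON, so any other tool reading the file will reject it. If the file stays, a `.gitignore` entry for `*.code-workspace` or a README note describing the expected sibling checkouts would make the intent clear.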